(54) Method and apparatus for a secure multicast transmission



(57) A method and apparatus for a secure multicast transmission is provided. A secure multicast transmission reservation, received at a multicast session security platform, is sent from a sender of a secure multicast transmission and may include, for example, information about the secure multicast transmission and information about which multicast receivers are authorized to receive the secure multicast transmission. The multicast session security platform also receives a request for security information from a requesting multicast receiver. The multicast session security platform may include, for example, a multicast session security server capable of communicating with a plurality of senders and a plurality of requesting receivers. It is determined, using information from the reservation, if the requesting receiver is authorized to receive the secure multicast transmission. If so, multicast transmission security information, such as IPSEC SA information needed to receive the secure multicast transmission, is sent to the requesting receiver.



FIG. 2 






EP 0 994 600 A2



Description 

Field of the Invention

[0001] The present invention relates to multicast 
transmissions. More particularly, the present invention 
relates to a method and apparatus that may be used to 
provide a secure multicast transmission. 

Background of the Invention

[0002] Many different types of information can be 
sent through a data communication network such as the 
Internet. The types of information include, for example, 
streams of text (including software), images (including 
still and moving images) and audio information. 
Streams that combine different types of information, 
such as multimedia content, can be transmitted as well. 
[0003] A communication network user can request an information stream directly from an information source, or "sender," which responds to the request by sending the stream to the user. This method of sending an information stream from a single point, such as the sender, to a single point, such as the user, is called a "unicast" transmission. The sender may also "broadcast" the information stream through the communication network by sending the information to routers in the communication network even if no user downstream from a particular router is going to receive the stream.
[0004] Both unicast and broadcast transmissions, however, can be very inefficient. With a unicast transmission scheme, if the sender wishes to send information to a number of receivers, the sender must transmit a number of separate streams of information into the network, even though each stream contains exactly the same information. Moreover, each stream must be individually handled by communication nodes, or routers, in the network. Such an approach can result in an unacceptable amount of traffic in the network. A broadcast transmission can be inefficient because some routers may be tied up handling information streams even if no user downstream from a particular router receives the information.
[0005] As an alternative to a unicast or broadcast transmission, the information stream can be sent from a single point to multiple points. This method of sending information, called a "multicast" transmission, is illustrated in FIG. 1, which shows a block diagram of a known system for transmitting a multicast information stream through a communication network 200. The communication network 200 has a number of multicast-capable routers 202, and information enters the network as a single stream from a multicast device 210, or sender, to one of those routers 202. As the stream travels through the network 200, the routers 202 divide the stream into multiple streams as required to send the information downstream to other routers 202 and/or to locally attached interested devices 110, or "receivers." A user who wants to receive a particular multicast transmission can, for example, use Internet Group Management Protocol (IGMP) to send a "join" message to a local multicast-capable router 202.
[0006] Note that with a multicast transmission, the link between the sender 210 and the communication network 200 only needs to carry a single stream of multicast information.

[0007] Depending on the nature of the multicast transmission, the sender 210 and/or receiver 110 of a multicast stream may desire to make the transmission "secure." For example, the parties may want to make sure that the transmission is not received by other, "unauthorized," receivers. The parties may also need to verify that the transmission actually originates from the sender 210 and has not been tampered with or altered. To provide this type of security, multicast transmission security information can be used by both the sender 210 and the receiver 110. The Internet Protocol version 6 (IPv6) Internet Protocol Security (IPSEC) standard is one example of an architecture that can be used to provide a secure multicast transmission, and is described in Kent, Stephen, "Security Architecture for the Internet Protocol," Network Working Group (July 1998), the entire disclosure of which is hereby incorporated by reference. The IPSEC protocol defines, for example, Authentication Header (AH) and Encapsulating Security Payload (ESP) headers, which are generally transparent to applications and routers, that can be used to provide a secure transmission. Both the AH and ESP headers contain a Security Parameter Index (SPI) which, along with an IP destination address, identifies a Security Association (SA) needed to receive the multicast transmission. In general, for example, IPSEC AH information provides integrity checking information that lets a receiver detect if a packet was forged or modified while traveling across a data network.
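
As an added illustration (not part of the patent text), the sketch below shows a receiver selecting an SA by the (destination address, SPI) pair and using that SA's authentication key to detect a modified packet. The header layout follows the AH fixed fields; the HMAC-SHA1-96 integrity value, the reduced coverage (destination address, AH header and payload only) and the sample group address, SPI and key are assumptions constructed for the example.

```python
import hashlib
import hmac
import ipaddress
import struct

# AH fixed fields: next header, payload length, reserved, SPI, sequence number.
AH_FIXED = struct.Struct("!BBHII")
ICV_LEN = 12  # assumption: HMAC-SHA1 truncated to 96 bits


class SecurityAssociation:
    """The part of an SA a receiver needs for an integrity check."""

    def __init__(self, dst, spi, auth_key):
        self.dst = ipaddress.ip_address(dst)
        self.spi = spi
        self.auth_key = auth_key


class SADatabase:
    """Receiver-side SA table keyed by (destination address, SPI)."""

    def __init__(self):
        self._table = {}

    def add(self, sa):
        self._table[(sa.dst, sa.spi)] = sa

    def lookup(self, dst, spi):
        return self._table.get((ipaddress.ip_address(dst), spi))


def _icv(sa, header, payload):
    # Simplification: real AH also covers the immutable IP header fields.
    covered = sa.dst.packed + header + bytes(ICV_LEN) + payload
    return hmac.new(sa.auth_key, covered, hashlib.sha1).digest()[:ICV_LEN]


def build_ah(sa, seq, payload, next_header=17):
    """Sender side: AH header + ICV + payload (next_header 17 = UDP)."""
    # Payload length is the AH size in 32-bit words minus 2.
    ah_words = (AH_FIXED.size + ICV_LEN) // 4
    header = AH_FIXED.pack(next_header, ah_words - 2, 0, sa.spi, seq)
    return header + _icv(sa, header, payload) + payload


def verify_ah(sadb, dst, packet):
    """Receiver side: return (status, payload); payload is None on failure."""
    if len(packet) < AH_FIXED.size + ICV_LEN:
        return ("truncated", None)
    header = packet[:AH_FIXED.size]
    _next, _plen, _rsv, spi, _seq = AH_FIXED.unpack(header)
    sa = sadb.lookup(dst, spi)
    if sa is None:
        return ("no-sa", None)
    icv = packet[AH_FIXED.size:AH_FIXED.size + ICV_LEN]
    payload = packet[AH_FIXED.size + ICV_LEN:]
    # Constant-time comparison of the received and recomputed ICV.
    if not hmac.compare_digest(icv, _icv(sa, header, payload)):
        return ("bad-icv", None)
    return ("ok", payload)


def demo():
    # Constructed sample values: group address, SPI and key are made up.
    sa = SecurityAssociation("ff15::beef", 0x1001, b"k" * 20)
    sadb = SADatabase()
    sadb.add(sa)
    packet = build_ah(sa, seq=1, payload=b"quarterly figures")
    tampered = packet[:-1] + bytes([packet[-1] ^ 0x01])
    return [
        verify_ah(sadb, "ff15::beef", packet)[0],    # SA found, ICV matches
        verify_ah(sadb, "ff15::beef", tampered)[0],  # payload modified in transit
        verify_ah(sadb, "ff15::cafe", packet)[0],    # same SPI, other group
    ]


if __name__ == "__main__":
    print(demo())
```

A receiver that was never given the SA has no entry for the pair and no key, so it can neither select the SA nor validate the packet.
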
[0008] Typically, each receiver 110 needs to individually request the multicast transmission security information from the sender 210. The sender 210 then determines if a requesting receiver 110 is authorized to receive the secure multicast transmission, and, if so, separately delivers the multicast transmission security information to each receiver 110. The receivers 110 can then use the multicast transmission security information to, for example, decode a secure multicast transmission from the sender 210.

[0009] This approach, however, may not be practical if the sender 210 needs to send a secure multicast transmission to a large number of receivers 110. In this case, the sender 210 must individually communicate, for example, with tens of thousands of requesting receivers 110, often simultaneously, and separately process each request. Moreover, a large number of separate responses, including the multicast transmission security information, must be sent back through the communication network 200. This eliminates some of the benefits of using multicast technology, such as, for example, letting the link between the sender 210 and the communication network 200 carry only a small amount of information.

[0010] Another problem with known methods of providing multicast transmission security information is that the information each receiver 110 must provide to demonstrate that he or she is authorized to receive the secure multicast transmission may be sensitive. Such information may include, for example, a credit card number or home address, and people may hesitate to provide this type of information to an unfamiliar sender 210. In addition, a sender 210 may need to coordinate billing and collection procedures for a large number of receivers 110, which can be a difficult task.
[0011] In view of the foregoing, it can be appreciated that a substantial need exists for a method and apparatus that provides multicast transmission security information and solves the problems discussed above.

Summary of The Invention

[0012] The disadvantages of the art are alleviated to a great extent by a method and apparatus that provides multicast transmission security information. A secure multicast transmission reservation is received at a multicast session security platform. The reservation is received from a sender of a secure multicast transmission and may include, for example, information about the secure multicast transmission and information about which multicast receivers are authorized to receive the secure multicast transmission. The multicast session security platform also receives a request for security information from a requesting multicast receiver. The multicast session security platform may include, for example, a multicast session security server capable of communicating with a plurality of senders and a plurality of requesting receivers. It is determined, using information from the reservation, if the requesting receiver is authorized to receive the secure multicast transmission. If so, the multicast transmission security information, such as the SA information needed to receive the secure multicast transmission, is sent to the requesting receiver. The SA information may comprise, for example, an authentication key, and authentication key and a key life-time, along with other information.
[0013] With these and other advantages and features of the invention that will become hereinafter apparent, the nature of the invention may be more clearly understood by reference to the following detailed description of the invention, the appended claims and to the several drawings attached herein.

Brief Description of The Drawings

[0014]

FIG. 1 is a block diagram of a known system that transmits a multicast information stream through a communication network.

FIG. 2 is a block diagram including a system that provides multicast transmission security information according to an embodiment of the present invention.

FIG. 3 is a more detailed block diagram of a system that provides multicast transmission security information according to an embodiment of the present invention.

FIG. 4 is a flow diagram of a method for providing multicast transmission security information according to an embodiment of the present invention.

Detailed Description

[0015] The present invention is directed to a method and apparatus that provides multicast transmission security information. Referring now in detail to the drawings wherein like parts are designated by like reference numerals throughout, there is illustrated in FIG. 2 a block diagram including a multicast session security platform 300 that provides multicast transmission security information for a communication network 200 according to an embodiment of the present invention. The communication network 200 comprises a number of multicast-capable routers 202 that let a sender 220 transmit a multicast information stream to a number of receivers 120.

[0016] According to an embodiment of the present invention, the multicast session security platform 300 receives a secure multicast transmission reservation from the sender 220 of a secure multicast transmission. The reservation may include, for example, information about the secure multicast transmission such as the title, date, time of day and duration of the transmission.
[0017] The reservation may also include the particular security information, such as a group key or an IPSEC SA, needed to receive the secure multicast transmission, and information about which multicast receivers 120 are authorized to receive the secure multicast transmission. For example, a franchisor corporation may want to send a multicast transmission containing sensitive financial information to a number of franchisee corporations. In this case, the reservation may include a list of authorized names and passwords associated with each franchisee corporation.
[0018] Instead of a list of authorized receivers, the reservation may include billing information, such as a price that must be paid by a requesting receiver 120 before he or she will be authorized to receive the multicast transmission. For example, the reservation may indicate that anyone who pays five dollars is authorized to receive a particular multicast transmission of a movie.
[0019] The multicast session security platform 300 also receives a request for multicast transmission security information from a requesting multicast receiver 120. The request may be received using a secure transmission, such as a secure unicast IPSEC transmission. The secure unicast transmission may be established using known public key techniques. As part of the initial request, or through some further interaction after the initial request, the receiver 120 will provide information to the multicast session security platform 300, such as, for example, (a) the name or nature of the multicast transmission the receiver 120 wants to receive, (b) an identifier, such as a name and password, associated with the receiver 120 and/or (c) a credit card number or other billing information.

[0020] The multicast session security platform 300 then determines if the requesting multicast receiver 120 is authorized to receive the secure multicast transmission. This may be done, for example, by comparing the name and password of the receiver 120 with a list of authorized names and passwords contained in the reservation. If the requesting multicast receiver 120 is authorized, the multicast session security platform 300 responds with the multicast transmission security information, such as the IPSEC SA information. The approved receiver 120 can then use this information to receive the secure multicast transmission from the sender 220.

[0021] According to an embodiment of the present invention, the multicast session security platform 300 may be configured to handle reservations and requests from a large number of senders 220 and receivers 120. For example, the multicast session security platform 300 may have a number of pre-approved subscribers who are authorized to receive certain types of multicast transmissions or transmissions from certain senders 220. As shown in FIG. 2, the multicast session security platform 300 may send the security information to a number of personal computers. If desired, however, the platform could send the information to, for example, a secure telephone or fax machine, a wireless Personal Digital Assistant (PDA) or any other type of communication device. In addition, the security information may be sent through the same communication network 200 that will be used to transmit the secure multicast session, or through some other communication network.
[0022] Moreover, the multicast session security platform 300 may transmit statistics to the sender 220, such as the total number of currently approved receivers 120 or a total amount of money that has been collected from those receivers 120.
[0023] FIG. 3 is a more detailed block diagram of a system that provides multicast transmission security information for an IP multicast network 205 according to an embodiment of the present invention. A multicast session security platform 300 includes a multicast session security server 350 connected to IP multicast network 205 through a communication port 352 (e.g., an Ethernet port). The IP multicast network 205 is comprised of a number of IP multicast-capable routers 207, and the Multicast Backbone (MBone) is one example of such a communication network.
[0024] According to an embodiment of the present invention, the multicast session security server 350 receives a secure multicast transmission reservation from a sender 230 of a secure multicast transmission. This may be done, for example, using a Multicast Security Client (MSC) application 235 installed on the sender 230 and configured with the IP address of one or more multicast session security servers 350. The multicast session security server 350 and the MSC application 135 may be configured to let the sender 230 submit the reservation using a communication network information page, such as a World Wide Web ("Web") page transmitted through the Internet.

[0025] As described above with respect to FIG. 2, the reservation may include, for example, (a) the title, date, time of day and duration of the transmission, (b) an IPSEC SA - such as one using the Internet Security Association and Key Management Protocol (ISAKMP) framework - needed to receive the transmission, (c) a list of names and passwords associated with authorized receivers 130 and/or (d) an admission policy, such as a price that must be paid by each requesting receiver 130 before he or she will be authorized to receive the transmission. The reservation information may be stored in a reservation database 310 along with reservations for other multicast transmissions and/or other multicast senders 230.

[0026] The multicast session security server 350 also receives a request for multicast transmission security information from a number of requesting multicast receivers 130. This may be done using, for example, an MSC application 135 running on the receiver 130, which may be configured to let a receiver request the security information through a Web page. This request may be generated by the MSC application 135 without any explicit action by a user. Note that if required, a multicast-unicast gateway may be installed between the IP multicast network 205 and either the sender computer 230 or the receiver computer 130. The request may be received using a secure transmission, such as a secure unicast IPSEC transmission, and may include, for example, the name of a multicast transmission, a requesting name and password, and a credit card number. User information, such as information associated with a subscriber of the multicast session security platform 300, may also be stored in a user database 320. Such information may include the type of multicast transmissions a subscriber is authorized to receive, or other information based on, for example, a form filled out by the user when he or she subscribes to the service.

[0027] The multicast session security server 350 then determines if a requesting multicast receiver 130 is authorized to receive the secure multicast transmission. If the requesting multicast receiver 130 is authorized, the multicast session security server 350 responds with the multicast transmission security information, such as the IPSEC SA information. The SA information is used to establish the specific implementation of IPSEC protection that will be used during the secure multicast transmission. The SA information may indicate, for example, what types of keys are required and how the transmission will be encrypted or authenticated. The SA information may also include a specific destination IP address, authentication key, session key and SPI that are needed to receive the multicast transmission. The approved receiver 130 may then use this information to receive the secure multicast transmission from the sender 230. Note that the information may be requested, received and used by an approved receiver 130 - all without the user being aware of the operation, if desired.
[0028] FIG. 4 is a flow diagram of a method that provides multicast transmission security information for a communication network, such as the Internet, according to an embodiment of the present invention. At step 410, a secure multicast transmission reservation is received at a Multicast Session Security Platform (MSSP). The reservation is received from a sender of a secure multicast transmission and may include, for example, information about the secure multicast transmission and information about which multicast receivers are authorized to receive the secure multicast transmission.

[0029] The multicast session security platform also receives a request for security information from a requesting multicast receiver as indicated at step 420. The multicast session security platform may include, for example, a multicast session security server capable of communicating with a plurality of senders and a plurality of requesting receivers. It is determined, using information from the reservation, if a requesting receiver is authorized to receive the secure multicast transmission at step 430. If so, the multicast transmission security information, such as IPSEC SA information needed to receive the secure multicast transmission, is sent to the requesting receiver at step 440.
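
The four steps of FIG. 4 (410 to 440) modelled in Python, as an added example that is not part of the patent text. Class and field names, the PBKDF2 password storage, the constant-time comparison and the default-deny rule are assumptions of this sketch; the secure unicast channel and the verification of payments are assumed to be handled outside it.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass(frozen=True)
class SAInfo:
    """Fields paragraph [0027] says the SA information may include."""
    destination: str
    spi: int
    auth_key: bytes
    session_key: bytes


@dataclass
class Reservation:
    title: str
    sa: SAInfo
    credentials: dict = field(default_factory=dict)  # name -> (salt, hash)
    price_cents: Optional[int] = None
    approved: set = field(default_factory=set)
    collected_cents: int = 0


class SessionSecurityPlatform:
    def __init__(self):
        self._reservations = {}
        self._dummy_salt = secrets.token_bytes(16)

    def reserve(self, title, sa, receivers=None, price_cents=None):
        """Step 410: store the sender's reservation."""
        res = Reservation(title=title, sa=sa, price_cents=price_cents)
        for name, password in (receivers or {}).items():
            salt = secrets.token_bytes(16)
            res.credentials[name] = (salt, _hash_password(password, salt))
        self._reservations[title] = res

    def _authorized(self, res, name, password, payment_cents):
        """Step 430: decide from the reservation alone; default is deny."""
        if res.credentials:
            # Unknown names still cost one hash, so timing does not reveal
            # which receiver names are on the list.
            salt, stored = res.credentials.get(name, (self._dummy_salt, b""))
            candidate = _hash_password(password or "", salt)
            return hmac.compare_digest(candidate, stored)
        if res.price_cents is not None:
            return payment_cents >= res.price_cents
        return False

    def request(self, title, name, password=None, payment_cents=0):
        """Steps 420 and 440: return the SA information, or None if refused."""
        res = self._reservations.get(title)
        if res is None or not self._authorized(res, name, password, payment_cents):
            return None
        if name not in res.approved:
            res.approved.add(name)
            if not res.credentials and res.price_cents is not None:
                res.collected_cents += res.price_cents
        return res.sa

    def stats(self, title):
        """Statistics of paragraph [0022]: (approved receivers, money collected)."""
        res = self._reservations[title]
        return len(res.approved), res.collected_cents


def demo():
    # Constructed sample data: titles, names, keys and addresses are made up.
    mssp = SessionSecurityPlatform()
    sa = SAInfo("ff15::beef", 0x1001, b"a" * 20, b"s" * 16)
    mssp.reserve("franchise briefing", sa, receivers={"franchisee-a": "s3cret"})
    mssp.reserve("movie", sa, price_cents=500)
    return [
        mssp.request("franchise briefing", "franchisee-a", "s3cret") is not None,
        mssp.request("franchise briefing", "franchisee-a", "guess") is not None,
        mssp.request("movie", "viewer-1", payment_cents=500) is not None,
        mssp.request("movie", "viewer-2", payment_cents=100) is not None,
    ]


if __name__ == "__main__":
    print(demo())
```
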
[0030] Although various embodiments are specifically illustrated and described herein, it will be appreciated that modifications and variations of the present invention are covered by the above teachings and within the purview of the appended claims without departing from the spirit and intended scope of the invention. For example, although particular system architectures were used to illustrate the present invention, it can be appreciated that other architectures may be used instead. Similarly, although particular types of security protocols have been illustrated, other security protocols will also fall within the scope of the invention. Finally, although software or hardware are described to control certain functions, such functions can be performed using either software, hardware or a combination of software and hardware, as is well known in the art. As is also known, software may be stored on a medium, such as, for example, a hard or floppy disk or a Compact Disk Read Only Memory (CD-ROM), in the form of instructions adapted to be executed by a processor. The instructions may be stored on the medium in a compressed and/or encrypted format. As used herein, the phrase "adapted to be executed by a processor" is meant to encompass instructions stored in a compressed and/or encrypted format, as well as instructions that have to be compiled or installed by an installer before being executed by the processor.

Claims

1. A method of supplying multicast transmission security information to a plurality of requesting multicast receivers, the multicast transmission security information being configured to enable receipt of a secure multicast transmission, comprising the steps of:

establishing an individual secure unicast channel for each of the plurality of requesting multicast receivers, the secure unicast channels being established using security information different from the multicast transmission security information;

receiving, through the secure unicast channel, authorization information from each of the plurality of requesting multicast receivers;

determining if each of the plurality of requesting multicast receivers is authorized to receive the secure multicast transmission; and

sending, through the secure unicast channel, the multicast transmission security information to each of the authorized requesting multicast receivers.

2. The method of claim 1, wherein the multicast transmission security information comprises Internet Protocol Security (IPSEC) information needed to receive the secure multicast transmission.

3. A method for providing multicast transmission security information, comprising the steps of:

receiving, at a multicast session security platform, a secure multicast transmission reservation from a sender of a secure multicast transmission, the secure multicast transmission reservation comprising information about the secure multicast transmission;

receiving, at the multicast session security platform, a request for the multicast transmission security information from a requesting multicast receiver; and

determining if the requesting multicast receiver is authorized to receive the secure multicast transmission.

4. The method of claim 3, further comprising:

sending the multicast transmission security information to the requesting multicast receiver if the requesting multicast receiver is authorized to receive the secure multicast transmission.

5. The method of claim 3, wherein the secure multicast transmission reservation further comprises information about which multicast receivers are authorized to receive the secure multicast transmission, and wherein said step of determining is performed using information from the secure multicast transmission reservation.

6. The method of claim 3, wherein the secure multicast transmission reservation further comprises the multicast transmission security information.

7. The method of claim 4, wherein said step of receiving comprises receiving a plurality of requests for the multicast transmission security information from a plurality of requesting multicast receivers, and wherein said steps of determining and sending are performed for each of the plurality of requesting multicast receivers.

8. The method of claim 3, wherein the multicast transmission security information comprises Internet Protocol Security (IPSEC) information needed to receive the secure multicast transmission.

9. The method of claim 8, wherein the IPSEC information comprises Security Association (SA) information needed to receive the secure multicast transmission.

10. The method of claim 3, wherein said step of receiving comprises receiving the request for multicast transmission security information as a unicast Internet Protocol Security (IPSEC) transmission.

11. The method of claim 3, further comprising the step of:

receiving billing information from the requesting multicast receiver.

12. The method of claim 7, wherein said step of determining is performed using the billing information received from the requesting multicast receiver.

13. The method of claim 3, further comprising the step of:

sending billing information to the sender of the secure multicast transmission.

14. The method of claim 3, wherein the secure multicast transmission reservation is received using a communication network information page.

15. The method of claim 3, wherein the request for multicast transmission security information is received using a communication network information page.

16. A method for providing Internet Protocol Security (IPSEC) Security Association (SA) information related to a secure multicast transmission, comprising the steps of:

receiving, at a multicast session security platform, a secure multicast transmission reservation from a sender of the secure multicast transmission, wherein the secure multicast transmission reservation includes the IPSEC SA information and information about authorized multicast receivers;

receiving, at the multicast session security platform, a plurality of requests for the IPSEC SA information from a plurality of requesting multicast receivers;

determining if each of the plurality of requesting multicast receivers is authorized to receive the IPSEC SA information based on information about authorized multicast receivers contained in the secure multicast transmission reservation; and

sending the IPSEC SA information to authorized requesting multicast receivers.

17. A multicast session security platform, comprising:

a first communication port configured to receive a secure multicast transmission reservation, including multicast transmission security information and information about authorized multicast receivers, from a sender of a secure multicast transmission;

a second communication port configured to receive a plurality of requests for the multicast transmission security information from a plurality of requesting multicast receivers; and

a server system coupled to said first and second communication ports, said server system being configured to determine if each of the plurality of requesting multicast receivers is authorized to receive the multicast transmission security information based on the information about authorized multicast receivers contained in the secure multicast transmission reservation.

18. An article of manufacture comprising a computer-readable medium having stored therein instructions adapted to be executed by a processor, the instructions which, when executed, define a series of steps for providing multicast transmission security information, said steps comprising:

receiving, at a multicast session security platform, a secure multicast transmission reservation from a sender of a secure multicast transmission, the secure multicast transmission reservation comprising information about the secure multicast transmission;

receiving, at the multicast session security platform, a request for the multicast transmission security information from a requesting multicast receiver; and

determining if the requesting multicast receiver is authorized to receive the secure multicast transmission.

19. The medium of claim 18, wherein the steps further comprise:

sending the multicast transmission security information to the requesting multicast receiver if the requesting multicast receiver is authorized to receive the secure multicast transmission.

20. The medium of claim 18, wherein the secure multicast transmission reservation further comprises information about which multicast receivers are authorized to receive the secure multicast transmission, and wherein the step of determining is performed using information from the secure multicast transmission reservation.

21. An article of manufacture comprising a computer-readable medium having stored therein instructions adapted to be executed by a processor, the instructions which, when executed, define a series of steps for receiving multicast transmission security information, said steps comprising:

sending a request for the multicast transmission security information to a multicast session security platform, the request including at least one of (a) user identification information, (b) billing information and (c) multicast transmission identification information;

receiving the multicast transmission security information from the multicast session security platform; and

receiving, using the multicast transmission security information, a secure multicast transmission from a sender other than the multicast session security platform.